Jump to content
Welcome to our new Citrix community!
  • 4

Windows 10 Modern Apps Breaking WSAPPX


Som Som

Question

Hitting some issues with Windows 10 (1903 running 1912 VDA) modern apps breaking. A quick summary of what’s happening:

 

  • User logs on for the first time, wsappx services consumes high CPU (constant 30% or so) and folders in %localappdata%\Packages constantly update
  • Event IDs 20,21,23,24 are continually logged in event viewer (left 20 hours+ with no change)
    • Repair of state locations for operation SettingsInitialize against package Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy with error -2147024891 returned Error Code: 0
    • Triggered repair because operation LocalSettings against package Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy hit error -2147024891.
  • This results in things like modern apps Calculator / Photos / Store not launching
    • Either there is no application to launch, or the shortcut is correct, however the application launches but then quickly disappears
  • On the 2nd logon we receive a ton of “default app” resets for various file extensions

 

We’re tried syncing / mirroring %localappdata%\Packages and setting “Allow deployment operations in special profiles”.

 

Unsure if this is a UPM issue, or a fundamental Windows 10 issue as some of the packages in C:\Program Files\WindowsApps end up missing the AppManifest.XML files.

 

Also looked at re-registering various apps, by copying the packages from a vanilla install (see: https://superuser.com/questions/949112/restore-microsoft-store-application-in-windows-10).

 

Anyone hit this?

Link to comment

22 answers to this question

Recommended Posts

  • 1

It looks like I'm not alone :) I got ticket opened with them 2 weeks ago and it was escalated further.

Just got a private hotfix  today by replacing the userprofilemanager.exe.

 

As a workaround.

logon the target user on VDA, open regedit, navigate to HKCU\software\microsoft to enable its inheritance (right click -> permissions -> advanced, click ‘Enable inheritance’, click ‘Apply’ and ‘OK’) 

This should fix it as well.

  • Like 1
Link to comment
  • 1

The workaround from above as a PowerShell script: 

 

$Folder = "HKCU:\Software\Microsoft\"

$SourceACL = Get-ACL -Path $Folder

#Enable inheritance

$SourceACL.SetAccessRuleProtection($False,$True)

Set-Acl -Path $Folder -AclObject $SourceACL

 

Probably implemented as a Login Script or a Scheduled Task from time to time might be a practicable workaround alltough it's not yet tested over time. So completly at your own risk. 

 

Have this issue in a env where no O365 product is installed. And we even setup a brand new Win 1909 without any additional SW. Plain Windows, Updates, VDA & UPM and had the 
problem right after the second login. 

 

Would be great if Ctx would at least mention it in an official known issue part somewhere.

  • Like 1
Link to comment
  • 1
15 hours ago, Daniel Kuhn1709161208 said:

The workaround from above as a PowerShell script: 

 

$Folder = "HKCU:\Software\Microsoft\"

$SourceACL = Get-ACL -Path $Folder

#Enable inheritance

$SourceACL.SetAccessRuleProtection($False,$True)

Set-Acl -Path $Folder -AclObject $SourceACL

 

Probably implemented as a Login Script or a Scheduled Task from time to time might be a practicable workaround alltough it's not yet tested over time. So completly at your own risk. 

 

Have this issue in a env where no O365 product is installed. And we even setup a brand new Win 1909 without any additional SW. Plain Windows, Updates, VDA & UPM and had the 
problem right after the second login. 

 

Would be great if Ctx would at least mention it in an official known issue part somewhere.

Hi,

Open a case for get the Private Fix "CVADHELP-13947". This fix will be included in 1912 LTSR CU1 mid 2020.

 

 

 

  • Like 1
Link to comment
  • 0
On 2/12/2020 at 4:16 PM, Ignacio Sorita said:

It looks like I'm not alone :) I got ticket opened with them 2 weeks ago and it was escalated further.

Just got a private hotfix  today by replacing the userprofilemanager.exe.

 

As a workaround.

logon the target user on VDA, open regedit, navigate to HKCU\software\microsoft to enable its inheritance (right click -> permissions -> advanced, click ‘Enable inheritance’, click ‘Apply’ and ‘OK’) 

This should fix it as well.

The workaround seemed to have worked for me. After the permission change, the high CPU immediately dropped and the Modern Apps (Calc, Sticy Notes, Snip & Sketch) are working again.

 

I am currently running on VDA 1912 so I will back to an earlier VDA release.

Link to comment
  • 0
On 2/12/2020 at 10:16 PM, Ignacio Sorita said:

It looks like I'm not alone :) I got ticket opened with them 2 weeks ago and it was escalated further.

Just got a private hotfix  today by replacing the userprofilemanager.exe.

 

As a workaround.

logon the target user on VDA, open regedit, navigate to HKCU\software\microsoft to enable its inheritance (right click -> permissions -> advanced, click ‘Enable inheritance’, click ‘Apply’ and ‘OK’) 

This should fix it as well.

Hi,

Can you indicate the name for the private fix please. I would like open a ticket. With the name, the support is more effective.

Link to comment
  • 0
On 2/28/2020 at 2:06 AM, Henrry Ortiz said:

I have found the same Error, with Citrix Cloud, Windows 10 1909, UPM 19.12.100 and now we have the private fix.

 

But the sorprise is that with the private fix at second login the same user is more slow logon and problems with explorer, so if you have any advice please tell me.

Hi,

Did you have replace file UserProfileManager.exe in C:\Program Files\Citrix\User Profile Manager and did you reset the profil ?

 

 

Link to comment
  • 0
8 hours ago, Pierre-Alain Parent1709160271 said:

Hi,

Did you have replace file UserProfileManager.exe in C:\Program Files\Citrix\User Profile Manager and did you reset the profil ?

 

 

Hi, 

 

Yeah we are working at same case with citrix with no futer solution, after we replace the UserProfileManager.exe we have that error and the problem with office 365 proplus activation. so we resolve one but gain another one.

 

And we start with fresh profile after replace the UserProfileManager.exe

Link to comment
  • 0

Same issue.  Got the private fix, replaced UserProfileManager.exe, deleted profiles.  Office 365 \ one drive do not auto login or activate automatically as they did with 1909 and 7.15 CU5.  Login times are incredibly long, over 60 sec on the authentication phase.

 

Many errors in the Microsoft-Windows-AAD/Operational logs:

 

Error: 0xCAA5001C Token broker operation failed.

Operation name: GetTokenSilently, Error: -895352823 (0xcaa20009), Description: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.

Trace ID: da286002-11d6-4364-8e55-6b7203ca2000

Correlation ID: a723b1d3-01d9-4191-80f9-c590e70ffd9d

Timestamp: 2020-03-05 14:28:11Z

Logged at webaccountprocessor.cpp, line: 593, method: AAD::Core::WebAccountProcessor::ReportOperationError.

 

 

Error: 0xCAA90056 Renew token by the primary refresh token failed.

Logged at refreshtokenrequest.cpp, line: 147, method: RefreshTokenRequest::AcquireToken.

 

Request: authority: https://login.microsoftonline.com/common, client: 60c8bde5-3167-4f92-8fdb-059f6176dc0f, redirect URI: ms-appx-web://Microsoft.AAD.BrokerPlugin/60c8bde5-3167-4f92-8fdb-059f6176dc0f, resource: https://aadrm.com, correlation ID (request): 440747e6-e3ba-4d47-8422-05405ab7dcb1

Link to comment
  • 0
31 minutes ago, GianMarco Occhionero1709155336 said:

Same issue.  Got the private fix, replaced UserProfileManager.exe, deleted profiles.  Office 365 \ one drive do not auto login or activate automatically as they did with 1909 and 7.15 CU5.  Login times are incredibly long, over 60 sec on the authentication phase.

 

Many errors in the Microsoft-Windows-AAD/Operational logs:

 

Error: 0xCAA5001C Token broker operation failed.

Operation name: GetTokenSilently, Error: -895352823 (0xcaa20009), Description: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.

Trace ID: da286002-11d6-4364-8e55-6b7203ca2000

Correlation ID: a723b1d3-01d9-4191-80f9-c590e70ffd9d

Timestamp: 2020-03-05 14:28:11Z

Logged at webaccountprocessor.cpp, line: 593, method: AAD::Core::WebAccountProcessor::ReportOperationError.

 

 

Error: 0xCAA90056 Renew token by the primary refresh token failed.

Logged at refreshtokenrequest.cpp, line: 147, method: RefreshTokenRequest::AcquireToken.

 

Request: authority: https://login.microsoftonline.com/common, client: 60c8bde5-3167-4f92-8fdb-059f6176dc0f, redirect URI: ms-appx-web://Microsoft.AAD.BrokerPlugin/60c8bde5-3167-4f92-8fdb-059f6176dc0f, resource: https://aadrm.com, correlation ID (request): 440747e6-e3ba-4d47-8422-05405ab7dcb1

 

Hi, 

 

The solution for us is:

 

After the user logon to the Windows 10, VDA 19.12

 

Regedit HKCU-Software-Microsoft

right click -> permissions -> advanced, click ‘Enable inheritance’, click ‘Apply’ and ‘OK’

 

and you have to add this via GPO for each user.

 

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
"DisableADALatopWAMOverride"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
"DisableAADWAM"=dword:00000001

 

Thanks,  at all and to this https://discussions.citrix.com/topic/407307-citrix-upm-breaks-office-365-activation/

Link to comment
  • 0
On 2/24/2020 at 1:40 PM, Daniel Kuhn1709161208 said:

The workaround from above as a PowerShell script: 

 

$Folder = "HKCU:\Software\Microsoft\"

$SourceACL = Get-ACL -Path $Folder

#Enable inheritance

$SourceACL.SetAccessRuleProtection($False,$True)

Set-Acl -Path $Folder -AclObject $SourceACL

 

Probably implemented as a Login Script or a Scheduled Task from time to time might be a practicable workaround alltough it's not yet tested over time. So completly at your own risk. 

 

Have this issue in a env where no O365 product is installed. And we even setup a brand new Win 1909 without any additional SW. Plain Windows, Updates, VDA & UPM and had the 
problem right after the second login. 

 

Would be great if Ctx would at least mention it in an official known issue part somewhere.

 

Worked for me!

 

I set by logon script till the fix be available!

Link to comment
  • 0

Seems there may have been some regression in the private fix...We had the private fix implemented on our images, and after a profile rebuild apps were working again.  Now I'm hearing of them being unusable again, and seeing the same with my own profile.  I'm not sure if a windows update caused it, I am going to try to re-apply the patch and see if it takes care of it again, but I can't realistically make all my users go through a profile rebuild again.  Hopefully they can get this sorted out in CU1.

Link to comment
  • 0
1 hour ago, Nate Erickson said:

Seems there may have been some regression in the private fix...We had the private fix implemented on our images, and after a profile rebuild apps were working again.  Now I'm hearing of them being unusable again, and seeing the same with my own profile.  I'm not sure if a windows update caused it, I am going to try to re-apply the patch and see if it takes care of it again, but I can't realistically make all my users go through a profile rebuild again.  Hopefully they can get this sorted out in CU1.

 

I have been working on this errors 3 months, and finally got the solution:

 

You have to disable the Exclusion Directory of the \Appdata\Local\Packages and let VDA19.12 sync this folder in the model of mirrored folder, and put the regedit solution.

 

With this combination you can have a stable running.

 

At the new vda 20.03 implemented that solution, https://docs.citrix.com/en-us/profile-management/current-release/whats-new/fixed-issues.html

Link to comment
  • 0
On 2/12/2020 at 3:16 PM, Ignacio Sorita said:

It looks like I'm not alone :) I got ticket opened with them 2 weeks ago and it was escalated further.

Just got a private hotfix  today by replacing the userprofilemanager.exe.

 

As a workaround.

logon the target user on VDA, open regedit, navigate to HKCU\software\microsoft to enable its inheritance (right click -> permissions -> advanced, click ‘Enable inheritance’, click ‘Apply’ and ‘OK’) 

This should fix it as well.

 

I was having issues with Office 365 shared licensing activation.  This also solved that problem!  Thank you for sharing.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...